
CSS/SSL termination - cypher negotiation Q

a.gesse
Level 1

Hi everyone

question regarding SSL termination on CSS/SSL module.

I have several cyphers in my ssl-proxy list.

What is the algorithm to choose the cypher ?

I may assume that CSS and browser negotiate it during SSL session establishing.

The testing shows that the same browser gets different cyphers when it hits different CSSs (cyphers are in the same order in the proxy-lists on the CSSs).

Thanks

Alex

2 Replies

Gilles Dufour
Cisco Employee

Alex,

it's not really an algorithm.

The browser selects the first cipher that matches its requirements in the list presented by the server/CSS.

The CSS builds a list in the order of weight.

If you did not specify any weight, the list can be random, depending on the order in which you entered the commands.

I would say, if you want a specific cipher to be selected, use the highest weight for this cipher.

Gilles.

Thanks Gilles,

this is exactly what I am looking for,

I missed it in docs

regards,

Alex
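
Added example, not part of the thread and not Cisco code: a small Python model of the selection described in the reply above, showing why two CSSs holding the same unweighted ciphers can hand the same browser different ciphers, and how a weight removes the dependence on entry order. The cipher names, the default weight of 1, the weight value 10 and the rule that equal weights keep entry order are assumptions made for illustration.

```python
# Constructed model of the behaviour described in the reply; not CSS code.
DEFAULT_WEIGHT = 1  # assumption: ciphers entered without a weight share one default


def build_list(entries):
    """entries: (cipher, weight or None) in the order the commands were entered.

    Returns cipher names, highest weight first. sorted() is stable, so
    ciphers with equal weight stay in entry order (assumed tie-break).
    """
    weighted = [(c, DEFAULT_WEIGHT if w is None else w) for c, w in entries]
    return [c for c, _ in sorted(weighted, key=lambda e: -e[1])]


def negotiate(server_list, client_supported):
    """First cipher in the server's ordered list that the client accepts."""
    for cipher in server_list:
        if cipher in client_supported:
            return cipher
    return None  # no common cipher: the handshake would fail


def pin(entries, cipher, weight=10):
    """Give one cipher an explicit (hypothetical) high weight."""
    return [(c, weight if c == cipher else w) for c, w in entries]


def demo():
    # Constructed sample data: same cipher set, entered in a different order.
    browser = {"cipher-A", "cipher-B", "cipher-C"}
    css1 = [("cipher-A", None), ("cipher-B", None), ("cipher-C", None)]
    css2 = [("cipher-C", None), ("cipher-A", None), ("cipher-B", None)]

    # No weights: the result follows entry order, so the two devices differ.
    unweighted = (negotiate(build_list(css1), browser),
                  negotiate(build_list(css2), browser))

    # Highest weight on cipher-B: both devices now agree.
    weighted = (negotiate(build_list(pin(css1, "cipher-B")), browser),
                negotiate(build_list(pin(css2, "cipher-B")), browser))
    return unweighted, weighted


if __name__ == "__main__":
    print(demo())
```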
